mirror of
https://github.com/samba-team/samba.git
synced 2025-02-02 09:47:23 +03:00
s3:smbstatus: pretty print the use of new signing/encryption algorithms
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher
parent
f435de5917
commit
b576123dd9
@ -41,6 +41,7 @@ struct sessionid {
|
|||||||
uint16_t connection_dialect;
|
uint16_t connection_dialect;
|
||||||
uint8_t encryption_flags;
|
uint8_t encryption_flags;
|
||||||
uint16_t cipher;
|
uint16_t cipher;
|
||||||
|
uint16_t signing;
|
||||||
uint8_t signing_flags;
|
uint8_t signing_flags;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -72,6 +72,7 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
|
|||||||
session.encryption_flags = global->encryption_flags;
|
session.encryption_flags = global->encryption_flags;
|
||||||
session.cipher = global->channels[0].encryption_cipher;
|
session.cipher = global->channels[0].encryption_cipher;
|
||||||
session.signing_flags = global->signing_flags;
|
session.signing_flags = global->signing_flags;
|
||||||
|
session.signing = global->channels[0].signing_algo;
|
||||||
|
|
||||||
return state->fn(NULL, &session, state->private_data);
|
return state->fn(NULL, &session, state->private_data);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -44,6 +44,7 @@ struct connections_forall_session {
|
|||||||
fstring addr;
|
fstring addr;
|
||||||
uint16_t cipher;
|
uint16_t cipher;
|
||||||
uint16_t dialect;
|
uint16_t dialect;
|
||||||
|
uint16_t signing;
|
||||||
uint8_t signing_flags;
|
uint8_t signing_flags;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -67,6 +68,7 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
|
|||||||
fstrcpy(sess.machine, global->channels[0].remote_name);
|
fstrcpy(sess.machine, global->channels[0].remote_name);
|
||||||
fstrcpy(sess.addr, global->channels[0].remote_address);
|
fstrcpy(sess.addr, global->channels[0].remote_address);
|
||||||
sess.cipher = global->channels[0].encryption_cipher;
|
sess.cipher = global->channels[0].encryption_cipher;
|
||||||
|
sess.signing = global->channels[0].signing_algo;
|
||||||
sess.dialect = global->connection_dialect;
|
sess.dialect = global->connection_dialect;
|
||||||
sess.signing_flags = global->signing_flags;
|
sess.signing_flags = global->signing_flags;
|
||||||
|
|
||||||
@ -133,6 +135,7 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
|
|||||||
data.encryption_flags = global->encryption_flags;
|
data.encryption_flags = global->encryption_flags;
|
||||||
data.cipher = sess.cipher;
|
data.cipher = sess.cipher;
|
||||||
data.dialect = sess.dialect;
|
data.dialect = sess.dialect;
|
||||||
|
data.signing = sess.signing;
|
||||||
data.signing_flags = global->signing_flags;
|
data.signing_flags = global->signing_flags;
|
||||||
|
|
||||||
state->count++;
|
state->count++;
|
||||||
|
|||||||
@ -37,6 +37,7 @@ struct connections_data {
|
|||||||
uint16_t cipher;
|
uint16_t cipher;
|
||||||
uint16_t dialect;
|
uint16_t dialect;
|
||||||
uint8_t signing_flags;
|
uint8_t signing_flags;
|
||||||
|
uint16_t signing;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* The following definitions come from lib/conn_tdb.c */
|
/* The following definitions come from lib/conn_tdb.c */
|
||||||
|
|||||||
@ -358,12 +358,23 @@ static int traverse_connections(const struct connections_key *key,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (smbXsrv_is_signed(crec->signing_flags)) {
|
if (smbXsrv_is_signed(crec->signing_flags)) {
|
||||||
if (crec->dialect >= SMB3_DIALECT_REVISION_302) {
|
switch (crec->signing) {
|
||||||
signing = "AES-128-CMAC";
|
case SMB2_SIGNING_MD5_SMB1:
|
||||||
} else if (crec->dialect >= SMB2_DIALECT_REVISION_202) {
|
|
||||||
signing = "HMAC-SHA256";
|
|
||||||
} else {
|
|
||||||
signing = "HMAC-MD5";
|
signing = "HMAC-MD5";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_HMAC_SHA256:
|
||||||
|
signing = "HMAC-SHA256";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_AES128_CMAC:
|
||||||
|
signing = "AES-128-CMAC";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_AES128_GMAC:
|
||||||
|
signing = "AES-128-GMAC";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
signing = "???";
|
||||||
|
result = -1;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -450,6 +461,12 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
|
|||||||
case SMB2_ENCRYPTION_AES128_GCM:
|
case SMB2_ENCRYPTION_AES128_GCM:
|
||||||
encryption = "AES-128-GCM";
|
encryption = "AES-128-GCM";
|
||||||
break;
|
break;
|
||||||
|
case SMB2_ENCRYPTION_AES256_CCM:
|
||||||
|
encryption = "AES-256-CCM";
|
||||||
|
break;
|
||||||
|
case SMB2_ENCRYPTION_AES256_GCM:
|
||||||
|
encryption = "AES-256-GCM";
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
encryption = "???";
|
encryption = "???";
|
||||||
result = -1;
|
result = -1;
|
||||||
@ -466,6 +483,12 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
|
|||||||
case SMB2_ENCRYPTION_AES128_GCM:
|
case SMB2_ENCRYPTION_AES128_GCM:
|
||||||
encryption = "partial(AES-128-GCM)";
|
encryption = "partial(AES-128-GCM)";
|
||||||
break;
|
break;
|
||||||
|
case SMB2_ENCRYPTION_AES256_CCM:
|
||||||
|
encryption = "partial(AES-256-CCM)";
|
||||||
|
break;
|
||||||
|
case SMB2_ENCRYPTION_AES256_GCM:
|
||||||
|
encryption = "partial(AES-256-GCM)";
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
encryption = "???";
|
encryption = "???";
|
||||||
result = -1;
|
result = -1;
|
||||||
@ -474,20 +497,42 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (smbXsrv_is_signed(session->signing_flags)) {
|
if (smbXsrv_is_signed(session->signing_flags)) {
|
||||||
if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
|
switch (session->signing) {
|
||||||
signing = "AES-128-CMAC";
|
case SMB2_SIGNING_MD5_SMB1:
|
||||||
} else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
|
|
||||||
signing = "HMAC-SHA256";
|
|
||||||
} else {
|
|
||||||
signing = "HMAC-MD5";
|
signing = "HMAC-MD5";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_HMAC_SHA256:
|
||||||
|
signing = "HMAC-SHA256";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_AES128_CMAC:
|
||||||
|
signing = "AES-128-CMAC";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_AES128_GMAC:
|
||||||
|
signing = "AES-128-GMAC";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
signing = "???";
|
||||||
|
result = -1;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
} else if (smbXsrv_is_partially_signed(session->signing_flags)) {
|
} else if (smbXsrv_is_partially_signed(session->signing_flags)) {
|
||||||
if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
|
switch (session->signing) {
|
||||||
signing = "partial(AES-128-CMAC)";
|
case SMB2_SIGNING_MD5_SMB1:
|
||||||
} else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
|
|
||||||
signing = "partial(HMAC-SHA256)";
|
|
||||||
} else {
|
|
||||||
signing = "partial(HMAC-MD5)";
|
signing = "partial(HMAC-MD5)";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_HMAC_SHA256:
|
||||||
|
signing = "partial(HMAC-SHA256)";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_AES128_CMAC:
|
||||||
|
signing = "partial(AES-128-CMAC)";
|
||||||
|
break;
|
||||||
|
case SMB2_SIGNING_AES128_GMAC:
|
||||||
|
signing = "partial(AES-128-GMAC)";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
signing = "???";
|
||||||
|
result = -1;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user